To determine whether DHS components have implemented adequate technical controls, such as configuration settings and patch management, to reduce risks to the confidentiality, availability, and integrity of a sample of servers and network devices supporting their financial management systems.